Questions related to Kubernetes security: from deploying a cluster securely to running secure workloads on it.
Questions tagged [kubernetes-security]
116 questions
0 votes, 1 answer
Access spring security through kubernetes ingress
I enabled TLS in my backend, so all traffic needs to go through "https://.....".
I am able to access it locally or with Port-Forwarding in Kubernetes.
But I cannot access it through the DNS (e.g. https://hostname.net/backend/....).
I get as…

goku736
0 votes, 1 answer
How to add cert in Pod?
How to add another root certificate to this file /var/run/secrets/kubernetes.io/serviceaccount/ca.crt (in pod fs) that signed the Kubernetes root certificate?
That is, there should always be two certificates when mounting the Pod.
Thank you.

egorovd
0 votes, 1 answer
Is there any security issue when I open the chown or dac_override capabilities in kubernetes
As a Kubernetes cluster admin, I was asked to enable the chown, dac_override and fowner Linux capabilities in the SHARED Kubernetes cluster for some special Pods.
But I found it is horrible to open these capabilities in…

user13220731
0 votes, 1 answer
Is it possible to set exact name of Service Account token?
I'm trying to set up a Docker registry via Traefik, authenticated by a Service account bearer token. The problem is that the name of the default service token secret ends with some random characters, which cannot be passed to the Ingress config, or…

majkrzak
0 votes, 1 answer
GKE: View details about one's permissions
I am interacting with a GKE cluster and trying to understand what my permissions are
➢ kubectl get roles --all-namespaces
NAMESPACE NAME AGE
istio-system istio-ingressgateway-sds …

pkaramol
0 votes, 1 answer
Getting GKE secrets back even after deleting the KMS keys used for encryption
I followed this document to create a GKE cluster (1.13.6-gke.6) with --database-encryption-key flag giving a KMS key for enabling Application-layer Secrets Encryption.
I created a secret using the following command:
kubectl create secret generic…

Amit Yadav
0 votes, 2 answers
Problems with simple RBAC example
I want to make a very simple example to learn how to use RBAC authorization in kubernetes. Therefore I use the example from the docs:
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: dev
  name: dev-readpods-role
rules:
-…

Fdot
0 votes, 2 answers
Is authentication required on RESTful services interacting with each other on Kubernetes cluster?
We have a microservice architecture and there are REST services interacting with each other through HTTP. All of these services are hosted on a Kubernetes cluster. Do we need to have explicit authentication for such service interaction or does…

user1874915
0 votes, 1 answer
Using external NFS exports with kubernetes pods
Is there any way to configure k8s so that predefined NFS exports on some external NFS server are only available for the pods that belong to a particular namespace, and other pods in other namespaces cannot mount them?

Ijaz Ahmad
0 votes, 1 answer
Using host paths for persistent volumes with restrictions
Is there any way to configure k8s so that predefined host paths on worker nodes are only available for the pods that belong to a particular namespace, and other pods in other namespaces cannot mount them?

Ijaz Ahmad
0 votes, 2 answers
Kubernetes health check public access
Let's say you have microservices and are running many nodes. Every node exposes services to the internet, and they also have health REST services that are used internally but should be private.
How do you make your health checks private in Kubernetes…

firstthumb
0 votes, 1 answer
Re-deploying certificates after expiry in kubernetes cluster
Certificates in my Kubernetes cluster are expired. What are the steps for redeploying certificates? After redeployment, pod health is affected. How do I overcome this?
[mdupaguntla@iacap067 K8S_HA_Setup_Post_RPM_Installation_With_RBAC]$ sudo kubectl logs…

vamsi krishna
0 votes, 1 answer
How to access Kubernetes Dashboard as admin with userid/passwd outside cluster?
Desired Outcome:
I want to set up a CSV file with userids and passwords and access Kubernetes Dashboard as a full admin, preferably from anywhere with a browser. I am just learning kubernetes and want to experiment with cluster management,…

ChrisRTech
0 votes, 1 answer
kubernetes: NetworkPolicy deny-all not denying
I am deploying an application on a kubernetes cluster on aws with weave
I have one additional (besides the default) namespace: my-staging.
I want to apply and test the following deny-all policy which is suggested by kubernetes:
apiVersion:…

pkaramol
0 votes, 1 answer
kubernetes: intra-cluster isolation of applications
I have been experimenting with k8s/kops/aws suite.
So far things have been going pretty well (except an issue when updating cluster via kops)
I want to be able to make use of my existing resources/cluster and deploy 2 flavors of my app (i.e.…

pkaramol